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Covariant-contravariant simulation is a combination of standard (covariant) simulation, its contravari- 
ant counterpart and bisimulation. We have previously studied its logical characterization by means of 
the covariant-contravariant modal logic. Moreover, we have investigated the relationships between 
this model and that of modal transition systems, where two kinds of transitions (the so-called may 
and must transitions) were combined in order to obtain a simple framework to express a notion of 
refinement over state-transition models. In a classic paper, Boudol and Larsen established a precise 
connection between the graphical approach, by means of modal transition systems, and the logical 
approach, based on Hennessy-Milner logic without negation, to system specification. They obtained 
a (graphical) representation theorem proving that a formula can be represented by a term if, and 
only if, it is consistent and prime. We show in this paper that the formulae from the covariant- 
contravariant modal logic that admit a "graphical" representation by means of processes, modulo 
the covariant-contravariant simulation preorder, are also the consistent and prime ones. In order to 
obtain the desired graphical representation result, we first restrict ourselves to the case of covariant- 
contravariant systems without bivariant actions. Bivariant actions can be incorporated later by means 
of an encoding that splits each bivariant action into its covariant and its contravariant parts. 

1 Introduction 

Modal transition systems (MTSs) were introduced in [Oj [TOl as a model of reactive computation based 
on states and transitions that naturally supports a notion of refinement. This is connected with the use 
of Hennessy-Milner Logic without negation as a specification language: a specification describes the 
collection of (good) properties that any implementation has to fulfil. More generally, a process p is 
considered to be better than q if the set of formulae satisfied by q is included in the set of formulae 
satisfied by p. The tight connections between these two ways of expressing the notions of specification 
and refinement were studied in [4j. There the authors talked about "graphical" representation (by means 
of one or several MTSs) of logical specifications, and completely characterized the collection of logical 
specification that can be "graphically represented". These are the so-called prime, consistent formulae. 

There are two types of modal operators in Hennessy-Milner Logic: (a) and [a], for each action a. 
Intuitively, a formula {a)(p indicates that it must be possible to execute a and reach a state that satisfies 
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(p, while [a\(p imposes that this will happen after any execution of a from the current state. It is well 
known that these two operators reflect the duality 3-V, so that any process satisfying a {a) (p formula must 
include some a-labelled transition reaching a state satisfying (p, whereas the constraint expressed by a 
[a\(p formula is better understood in a negative way: a process satisfying it may not contain an a-labelled 
transition reaching a state that does not satisfy (p. In particular, the formula [a]l- indicates that a process 
cannot execute a in its initial state, and therefore, using these formulae, we can limit the set of actions 
offered at any state. 

In order to reflect these two kinds of constraints at the "operational" level, MTSs contain two kinds 
of transitions: the may transitions and the must transitions. Then we can use MTSs both as specifications 
or as implementations, and the notion of refinement imposes that, in order to implement correctly a 
specification, an implementation should exhibit all the must transitions in the MTS that describes the 
specification and may not include any transition that is not allowed by the specification: we cannot add 
any new may transition, although those in the specification could either disappear, be preserved or turned 
into must transitions. The relation between may and must is reflected in the formal definition of MTSs 
by requiring that each must transition is also a may transition. 

The conditions defining the notion of refinement between MTSs obviously resemble those defining 
simulation and bisimulation. For may transitions we have a contravariant simulation condition, express- 
ing the fact that no new (non-allowed) may transition can appear when refining a specification. Since 
we impose that must transitions induce the corresponding may transitions, we could think that they are 
related in a "bisimulation-like" style. However, this is not the case since the contravariant simulation 
condition imposed on the may part can be covered by a may transition without must counterpart. In fact, 
this is crucial in order to capture the principle that a may transition can be refined by a must transition. 

Some of the authors of this paper thought that a more direct combination of simulation and bisim- 
ulation conditions could capture in a more flexible way all the ideas on which the specification of sys- 
tems by means of modal systems and modal logics is based, and we looked for the clearest and most 
general framework to express those modal constraints. We found that covariant-contravariant systems 
(sometimes abbreviated to cc-systems) are a possible answer to this quest, combining pure (covariant) 
simulation, its contravariant counterpart and bisimulation. 

We started the study of covariant-contravariant simulation in Q, and the modal logic characterizing 
it was presented in [7 ]. (In what follows, we refer to this logic as cc-modal logic.) In the most general 
case, we consider a partition of the set of actions into three sets: the collection of covariant actions, that of 
contravariant actions, and the set of bivariant actions. Intuitively, one may think of the covariant actions 
as being under the control of the specification LTS, and transitions with such actions as their label should 
be simulated by any correct implementation of the specification. On the other hand, the contravariant 
actions may be considered as being under the control of the implementation (or of the environment) and 
transitions with such actions as their label should be simulated by the specification. The bivariant actions 
are treated as in the classic notion of bisimulation. 

We will see in this paper that, as in the MTS setting, the consistent and prime formulae from the 
cc-modal logic are exactly those that admit a "graphical" representation by means of processes modulo 
the covariant-contravariant simulation preorder. Moreover, each formula in the cc-modal logic can be 
represented "graphically" by a (possibly empty) finite set of processes. 

The proofs of these representation results are inspired by the developments in H. There are, how- 
ever, subtle differences because, in covariant-contravariant systems, each action has a single modality 
(covariant, contravariant, bivariant), while in MTSs we can combine both may and must transitions. 

In fact, in order to obtain the desired graphical representation, for technical reasons we first restrict 
ourselves to the case of covariant-contravariant systems without bivariant actions. The reason that justi- 
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fies this constraint is that bivariant actions cannot be approximated in a non-trivial way (either we have 
one of them as itself, or we do not have it at all). Instead, covariant and contravariant actions behave in a 
more flexible way and we can obtain the desired characterization result by following the lead of the work 
done for MTSs. 

Then we observe that bivariant actions can be seen as the combination of a covariant and a contravari- 
ant action. In fact, this also corresponds with the idea used in [1] when relating MTSs and cc-systems. 
Indeed, the constraint imposed on must transitions in MTSs, where they should always be accompanied 
by their may counterparts, tells us somehow that they have a "nearly" bivariant behaviour. (To be more 
precise, they are first covariant, but they are also "semi"-contravariant because when comparing two pro- 
cesses p and q, any must transition in q should fit with either a corresponding must transition in p, or at 
least with a may transition there.) 

We could say that the very recent development of the notion of partial bisimulation in the setting 
of labelled transition systems (LTSs) presented in ||3l has completed the spectrum of modal simulations. 
Partial bisimulation combines plain bisimulation fTT', T5 ] and simulation, also by means of a partition of 
the set of actions. For the actions in the distinguished set B we have bisimulation-like conditions, while 
for the others we only impose simulation. Note that, instead, may transitions in MTSs corresponded to 
contravariant simulation conditions, and therefore, partial bisimulation can be seen as a dual of MTSs, 
and covariant-contravariant systems (cc-systems) as a unifying framework where we can combine the 
refinement ideas in the theory of MTSs with the explicit consideration of the constraints imposed by the 
environment, which is possible when partial bisimulation is used. Once we know that the formulae from 
the modal logic for cc-systems also afford a graphical representation, we will be able to integrate the 
logical formulae into the development of systems using any of the models discussed above. 

The remainder of the paper is organized as follows. Section |2]is devoted to the necessary background 
on covariant-contravariant simulations, whereas in Section [3] we summarize the results on covariant- 
contravariant modal formulae. In Section |4] we develop the study of the graphical representation of 
cc-modal formulae for processes without bivariant actions. Afterwards, in Section [5] we show how we 
can work with cc-systems with bivariant actions. Finally, Section [6] concludes the paper and describes 
some future research that we plan to pursue. 

2 Covariant-contravariant systems 

We start the technical part of the paper by defining the covariant-contravariant simulation semantics for 
processes. Our semantics is defined over Labelled Transition Systems (LTS) S = (P,A, — >), where P 
is a set of process states, A is a set of actions and — >C1 P x A x P is a transition relation on processes. 
We follow the standard practice and write p — > q instead of {p,a,q) G — >. Because of the covariant- 
contravariant view, we assume that A is partitioned into A' and A'', expressed as A = A' tt) A''. As we have 
already mentioned in the introduction, we will delay the consideration of the general case where we have 
also bivariant actions in a third class A*' until Section Hi 

Covariant-contravariant simulation can now be defined as foUows: 

Definition 1 Let 5 = (P, A' ttiA'', — >) be an LTS. A covariant-contravariant simulation over S is a relation 
/? C P X P such that, whenever p,q and pRq, we have: 

• For all a €zA'' and all p — ^ p', there exists some q q' with p' R q'. 

• For all a € a' and all q q', there exists some p — ^ p' with p' R q'. 

We will write p <cc ^ if there exists a covariant-contravariant simulation R such that pRq. 
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Remark 1 Note that we call the actions in A'' like that, because for those there is a "plain simulation" 
from left to right; whereas for the actions in A' there is an "anti-simulation" from right to left. 

It is well known that the relation <cc is a preorder. 

In this study we will be mainly concerned with "finite" properties of systems, which will be either 
captured by (finite) logic formulae, or by finite processes that can be described by means of process 
terms. 

Definition 2 Assume that A=A' tt) A''. Then the collection o/ process terms, ranged over by p, q etc. is 
given by the following syntax: 

p ::= I O) I a.p \ p + p, 

where a € A. We denote the set of process terms by 
The size of a process term is its length in symbols. 

We note that our set ^ of process terms is basically the set of BCCSP terms introduced in [81. The 
only addition to the signature of BCCSP is the constant (O, which will be used to denote the least LTS 
modulo <cc- However, we assume a classification of the actions in two (disjoint) sets, although this is 
not reflected in the syntactic structure of the terms. Even if ^ only contains finite terms, by means of (O 
we will obtain the full contravariant process which can execute any action at any time. 

In fHIHlTl we used a more general definition for covariant-contravariant simulations which includes 
also bivariant actions, but since in the presence of these bivariant actions some technical problems appear 
(in particular the process (O will not be the least process with respect to the covariant-contravariant 
simulation preorder), we have preferred to first develop all the results without bivariant actions and, in 
Section [21 we will describe how they can be extended to a setting with bivariant actions. 

Definition 3 The operational semantics of ,0^ is defined by the following rules: 

h 1 

• (0 — > CO for all b G A, 

• a.p — ^ pfor all a ^A, 

• p — > p implies p + q — > p , 

• q — > q implies p + q — > q . 

Observe that li p ^ (O and p p' , then the size of p' is smaller than the size of p. 

It is clear that (O is the least possible element with respect to the cc-simulation preorder. That is, we 
have ft) <ccP for any p. 

In what follows we assume that A is finite. 

3 The covariant-contravariant modal logic 

Covariant-contravariant modal logic has been introduced and studied in Q. 
Definition 4 Covariant-contravariant modal logic ^ has the following syntax: 

<p::=_L|T|(pA(p|(pV(p| [b\(p \ {a)(p {a eA'',b G a'). 

The operators _L, T, A and V have the standard meaning whereas the semantics for the modal operators 
is defined as follows: 
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p^[b](p ifp' ^ (pfor all p — > p', 

p \= {a)(p if p' 1= (p for some p — ^ p' . 

We say that a formula (p is consistent if there is some p such that p\= (p. 

The modal depth of a formula is the maximum nesting of modal operators in it. 

The covariant-contravariant logic characterizes the covariant-contravariant simulation semantics over 
image-finite processes. Before we state this result formally we introduce some notation. We define the 
set of formulae that a process p satisfies by ^(/j) = {<^\p\=<^} and the logical preorder as follows: 
p q iff ^(/j) C ^(^). Recall that an LTS is im^age finite iff the set {/?' | p p'} is finite for each 
process p and action a. 

Now we have the following theorem: 

Theorem 1 ([7]) If the LTS S is image finite then — over S. 
Clearly the processes in are image finite. 

4 Graphical representation of formulae 

Whenever we have a (modal) logic characterizing some semantics for processes, we could look for a 
single formula that characterizes completely the behaviour of a process logically; this is a so-called 
ciiaracteristic formula. This subject has been studied by many authors in the literature, but we will just 
refer here to the book 121 for more details and further references to the original literature. 

It is clear that, since we only allow for finite formulae without any fixed-point operator, we can 
only treat "finite" processes, such as those definable by our simple process algebra However, the 
recursive definition of the characteristic formulae in what follows gives us immediately the framework 
for extending our results to finite-state processes following standard lines. 

Definition 5 A formula <p ^ ^ is a characteristic formula /or a process p iff p \= <p and ^q.{q ^ 

p^ccq)- 

In what follows, we write ^<\lfii{p^P\p\=<^}Q{p&P\p\= We say that and i/a are 
logically equivalent, written = i//^, iff < i/a and Y <^. 

Lemma 1 The following statements hold. 

1. A formula (j) £ is a characteristic formula for a process p iff \/q.{q \= ^ p <cc q)- 

2. Assume that x{p) and x{q) cif^ characteristic formulae for processes p and q, respectively. Then, 
we have that 

P<ccqiffx{q)<X{p)- 

3. A characteristic formula for a process p is unique up to logical equivalence. 

Proof. 

1 . First assume that is a characteristic formula for a process p. By definition V^. {q\= <p ^ p <cc q) 
holds. We have to prove that Vg.(/7 <cc q ^ q \= (!>)■ To this end, assume that p <cc q. As p\= (j), 
by Theorem [T] we have that q \= (j) and we are done. 

For the converse, as p <cc P we have that p \= <p and the result follows. 
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2. Assume that x{p) Xil) characteristic formulae for processes p and q, respectively. First 
assume that p <cc Q that r \= xiq)- By Definition |5l q <cc r and thus p <cc r. By the previous 
clause of the Lemma, also r \= x{p)- As r was arbitrary, this shows that x{q) < X{p)- Next, 
assume that x{q) <X{p)- As ^ ^ x{'i) then q \= x{p)^ ^^id by definition of the characteristic 
formula, /7<,.c^- 

3. This claim follows directly from statement 2 above. □ 

As a characteristic formula for a process p is unique up to logical equivalence, we can denote it by 
X{p) unambiguously. The next lemma tells us that x{p) exists for each process p ^ 

Lemma 2 The characteristic formula for a process p ^ ^ can he obtained recursively as 
X{P) = A '^^Mp) a a M( V ^^P)) ' ifp + 
X{(0) = T. 

Proof. First we prove that p\= xip)' for each p. This follows by a simple induction on the size of p. 

Next we prove that, for any q, q \= x{p) impUes p <cc^ by induction on the size of q. 

First we note that if p = (O then ;^(ft)) = T and co <cc q', hence we obtain the result. Also, for the 
case p = 0, we have that ;^(0) is equivalent to /\,,£^/[Z7]_L. Thus if ^ ^ then the process q cannot 
perform any b ^A'. This yields that <cc q- 

Now, let p be a process different from and co, and assume that q\= x{p)- First suppose that p p' 
for some p' and some a G A''. As ^ ^ Ap " {^)x{p')' this implies that there is some q — > q' with 

q' \= lip')- Then, by induction, p' <ccq'- 

Next, assume that q q' , for some q' and € A'. As ^ |= A^ga' W\ (V _b_^ ,X{p'))y we can conclude 

b 

that q' ^ x{p')' for some p' with p — > p'. Again, by induction, we conclude p' ^ccq'- □ 

Next we consider the converse problem, we want to represent a formula by a process, or at least by a 
finite set of processes. 

Definition 6 A formula is represented by a (single) process p if 

V<?G^. [qh^Wp<ccq]- 
A formula <p is represented by a finite set M C ^ of processes if 

yqe^. [q^(^iff3p€M.p<,r q]. 

It is clear that p represents (p iff {p} represents (p. Moreover, the empty set of processes represents 
the formula _L. 

The following lemma connects the notion of "graphical representation" of formulae with that of 
characteristic formula for processes. 

Lemma 3 We have the following properties: 

1. p represents (p iff (p = x{p)- 

2. IfM C ^ is finite and <p is a formula then 

M represents (p iff (p = \/ x{p)- 

p€M 
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Proof. 

1. It follows directly from the definitions of these two concepts and Lemma[T] 

2. For any ^ € ^ we proceed as follows: 

3p£M.p<,,q^3p£M.q^Xip)^lh V ^(P)' 

peM 

Now the statement of the lemma follows easily from this fact and Definition |6] □ 

We want to characterize the set of formulae that can be represented by a finite set of processes, and 
in particular by a single process. For this purpose we introduce some notions of normal form for logical 
formulae. 

Definition 7 1. A formula <p is in normal form if it has the form 

iei jeJi keKi 

where all 0j and Xj/'k '^^^ '^^^o in normal form. In particular, _L is obtained when 7 = and T when 
7= {1} andJy =Ky=^. 

2. A formula Y in strong normal form if it has the form 

iel 

where each 0, is in unary strong normal form. A formula is in unary strong normal form if it is 
T or it has the form 

^ = /\{aj)^jA /\[b]Yt, 

jeJ beA' 

where every is in unary strong normal form and every \j/b in strong normal form. 
We note that any unary strong normal form different from T can equivalently be written as 

^ = /\{aj)<l>jA /\[b] V V'b, 

jeJ beA' keKh 

where every 0^ and every y/^ are in unary strong normal form, thus avoiding the introduction of strong 
normal forms. 

Remark 2 It is not hard to see that each unary strong normal form is consistent. See also Theorem |2] to 
follow. 

Clearly the characteristic formulae of processes are in unary strong normal form. Therefore, by 
Lemma [21 it is a necessary condition for a formula to be representable by a single process that it has an 
equivalent unary strong normal form. We will show that this is also a sufficient condition for this to hold 
for any consistent formula. 
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Theorem 2 A unary strong normal form 



jeJ heA' keKt 



is represented by the process defined recursively by 



e(0) 



£a,-.0((/.y)+^ Y^b.e{^^fl), if(t>^T 



j^J b&A' keKi, 



0(T) 



ft). 



In particular is the characteristic formula for 6{(j)) (up to logical equivalence). Note that even if 
in the formal expression above there is a summand for each b € A', only those b's such that ^H) will 
finally appear as summands of6{^). 

Proof. First we prove that d{^) \= <p by induction on the modal depth of (/). If = T we have that 
obviously d{^) = CO \= ^ = T . For the inductive step first we note that 0(0) — ^ ^(0;) for all j £ J. 
By induction, 0(0,) \= (pi- Next assume that 0(0) p for some b £ A' and some p. We have that 
p = 0(i//^) for some ke Kb. By induction d{Yb) \= ¥h ^^^^ therefore 0(vf ) |= V/te/s:* Vb- 

Next we prove that if 17 ^ then 0(0) ^cc^- Towards proving this claim, assume that q \= <p. Again 
we proceed by induction on the modal depth of 0. 

First assume that 0(0) — > p' for some a G A*" and process term p' . Then a = aj for some j € 7 and 

p' = 0{^j). As 17 1= 0, we have that q — ^ q' for some q' with q' \= 0y. By induction, 0(0;) ^ccq', as 



This proves that is the characteristic formula for 0(0) and therefore, by Lemma [3l that 0(0) 
represents 0. □ 

Next, we will show that any formula has an equivalent strong normal form and therefore can always 
be represented by a (possibly empty) finite set of processes. To derive this result we will use several 
standard equivalences between formulae. 

Lemma 4 The following statements hold. 

1. A and V are associative, commutative and idempotent. 

2. A distributes over V, and V distributes over A. 

3. 0VT = T, 0V_L = 0, 0AT = 0, and A _L = _L. 

4. [^]T = T. 

5. [b\<p ^[b\^if=[b\{<p ^^if)forb£AK 

6. {a)<py {a)Y={a){<py^r)fora£A''. 

Proof. The first three collections of equalities are straightforward and well known, so we omit their 
proofs. 

• [^]T = T. We have 7? ^ [Zj]T iff p' \=T for all p — ^ p' . Therefore, the condition is satisfied 

b ^ 
whenever p — > p' , and it is vacuously true when p -/-^. 
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• [b](j) A [b]\lf= [b]{(j) A xj/). We have p\={[b](j) A [b]\lf) iff / |= for P — ^ P' ^nd p' \= i//'for all 
p p', iff p' \= {(p A y) for all iff ^ [b] {<p Ay)- 

• (a)0 V {a)\lf= {a){^ V i//^). We have p\= {a)<p\/ iff there exists p p' such that p' |= or 
there exists p p" such that p" \= y, that is, iff there exists some p —?' p^ such that p^ |= or 
Pq ^ Y- This holds iff p ^ {a) {(j) V y) ■ □ 

Lemma 5 Every formula has an equivalent strong normal form with no larger modal depth. 

Proof. First we prove by induction on the modal depth, using 1-3 of Lemma |4l that has an equivalent 
normal form with the same modal depth. To prove the main statement we can therefore assume that is 
in normal form. We proceed by induction on the modal depth md{<p). The base case md{(p) = (0 = _L 
and <p = T) follows immediately. 
Next let us assume that 

({>=\/{Ma'j)({>'jA f\[bi]Yi). 

iel jeJi keKi 

By Lemma|4j using 4 and 5 and the standard laws described in 1-3, can be rewritten into an equivalent 
formula of the form 

^=\/{/\{a'jWjA f\[b]Yi) 

iel jeJi beA' 

where md{Yb) — sup{mcf(yA^) j k S Kj} (we note that some of the [b]Yj,^ may have the form [^]T, which 
is equivalent to T). Therefore, by the induction hypothesis, we may assume that 0j and Yj, are in strong 
normal form. Next we use Lemma|4l6 to remove all the occurrences of V that are guarded by (a), for 
some a € A*" in each l\jeJi{^))¥j- The result for each / is of the form AjeJiiy leLji^'j)^'/)' where each 0^'' 
is in a unary strong normal form. By repeated use of distributivity, the whole formula can be rewritten as 

reR ses,- beA' teT^ 

where each a;! and jS,^ ' is a unary strong normal form. Finally we note that the operations described 
above do not increase the modal depth. □ 

Now we will relate our result to the one in Boudol and Larsen's paper Bl . 
Definition 8 A formula is prime if the following holds: 

V01 , ^2 G -S^- < 01 V 02 implies < 0i or < 02. 

Theorem 3 A formula can always be represented by a finite set of processes. It can be represented by 
a single process if and only if it is consistent and prime. 

Proof. By Lemma [51 = 0i V . . . V 0„ where each 0,-, 1 < / < n, is in unary strong normal form. By 
Theorem [2j 0,- = x{pi) for some /?,• for each !</<«, and therefore = x{pi)^ ■ ■ ■ ^ X{Pn)- The first 
statement now follows from Lemma [3|2l 

Towards proving the second statement, first assume that = ;t(pi) V ... ^ x{Pn) is prime. This 
implies that < x{Pi) ^ 0' for some / G {1, . . . ,n}, which in turn implies that = x{Pi)- 

Next assume that is represented by some process p or equivalently that = x{p)- Now assume 
that zip) ^ 01 V 02- As p \= x{p)^ this implies that p ^ 0i V 02 or equivalently that either p ^ 0i or 
p \= 02. Without loss of generality, we can assume that p |= 0i. Now assume that r \= x{p)- Then p^ccf 
and by Theorem [T] this implies that r\= (pi. Since r was arbitrary, this proves that = x{p) ^ 0i- Hence 
is prime, which was to be shown. □ 
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5 Considering bivariant actions 

Originally HI 0171, the theory of covariant-contravariant semantics also considered bivariant actions in 
a'", so that we had a partition of A into {A'", A', A*'} (called the signature of the LTS), and the definition 
of covariant-contravariant simulations imposed the following two conditions: 

• For all a G A'' U A*' and all p p', there exists some q q' with p' Rq' . 

• For all a £A' U A'" and all q —> q' , there exists some p p' with p' R q' . 

When we have in our signature bivariant actions we cannot get directly the graphical representation 
results that we have presented in Section ID This is so because bivariant actions cannot be under approx- 
imated, as a consequence of the well known result that bisimilarity is an equivalence relation and not a 
plain preorder. In order to maintain our results we mandatorily need that notion of approximation. We 
obtain it by decomposing each bivariant action a into a pair of actions, one covariant, a'' , and another 
contravariant, a' . Technically, we define an embedding of the set of processes over an arbitrary signature 
A = {A'',A',A^'} into that corresponding to a new signature A = {A'',A',0}. The latter does not include 
any bivariant action, and then we can apply to it our graphical representation results, that then can be 
transfered to the original signature by means of the defined embedding. 

In 111 we presented transformations from LTSs to Modal Transition Systems (MTSs), and vice versa, 
named ^ and 'lo, respectively. We proved that both preserve and reflect the covariant-contravariant logic 
and simulation preorder. Applying these two transformations in a row we did not obtain the identity 
function, but instead a transformation = 'i§' o ^ that transforms an LTS with bivariant actions into 
another LTS without them. Since composition preserves the good properties of ^ and also has 

these properties. 

Next we give a direct definition of J^. 

Definition 9 Let T be an LTS with the signature A = {A'",A',A^'}. The LTS ^o{T) with signature A = 
{A'',A',0}, where A'' = {d'' \d e A''UA'"'} andP = {d'^ \d € A'' UA' UA^'}, is constructed as follows: 

• The set of states of 3^q{T) is the same as the one ofT plus a new state u. 

d 

• For each transition p — > p' in T , add a transition p — > p' in J%{T). 

• For each transition p p' in T with d GA'' UA^', add a transition p p' in ,%{T). 

a' d' 

• For each a G A'' and state p, add the transition p — > u to ^o{T), as well as transitions u — >^ u, 
for each action J € A. 

Note that each c € A^' is "encoded" by means of a pair of new actions (c'',c'). Moreover, as a 
consequence of the general definition of for each a S A'', together with a'', which is its "natural" 
encoding an additional a' G A', coupled with it, is introduced. Finally, the behaviour of the "extra" state 
u is defined by CO. 

Based on this transformation, we have designed a direct encoding of LTSs over a signature A = 
{A'',A',A^'}by means of LTSs over an adequate signature A = {A'',A',0}. As above, for each c G A^' in 
the original signature, we introduce a pair of (new) actions, as the following definition makes precise. 

Definition 10 Let T be an LTS with signature A = {A'',A',A'"}. The LTS 3^{T), with signature A = 
{A'',A',0}, where A'' = A'' U {c'' [ c G A^'} and A' = A' U {c' | c G A^'}, is constructed as follows: 

• The set of states of 2^{T) is the same as that ofT. 



L. Aceto, I. Fabregas, D. de Frutos, A. Ingolfsdottir & M. Palomino 



11 



r I 

X*==^Y* Z 



a b 
X^==^Y- Z 

c 




o 

a',c',b' 

Figure 1 : The original transformation of a LTS with bivariant actions into another 
without them, assuming A'' = {a}, A' = {b} and A*' = {c}. 



• All the transitions from T with label in A'' U A are in ^{T). 

• For each transition p — > p' in T with c G A^', we add p — > p' and p — > p' to ^{T). 

The transformation above produces an LTS without bivariant actions more closely related to the 
original covariant-contravariant LTS than that produced by (compare Figure |2] with Figure [Jl. Note 

that the class of LTSs with signature A that satisfy that p — > p' if and only if p — > p', for all p,p' G P, 
and all c € A^"; is exactly the class of processes that are the representation of some LTS with signature A. 

To translate modal formulae we have just to adopt the right modality for each action, as the following 
definition makes precise. 

Definition 11 Let us extend ^ to translate modal formulae over the modal logic for LTS over A into 
modal formulae over the modal logic for LTS over A, as follows: 



• 






• 


^(T) = T. 




• 


,^{(p^\ir) = 




• 


3^{q)\/Y) = 


= v^(va). 


• 


^{{a)^>) = 


{a)3r{(p), ifaeA'. 


• 




{c'')^{(p), ifceA''' 


• 


nm = 


b]^{(p), if be a'. 


• 




c']^{(p), ifceA'''. 



a b or a b 

x- ^ -^ y < Z x-^ Z 

Figure 2: The new transformation 3^{T) of an LTS with bivariant actions into an- 
other without them, assuming A'' = {a}, A' = {b} and A^" = {c}. 

In order to show that ^ preserves and reflects the cc-simulation preorder, we compare ^{T) with 
^q{T) and we prove a more general result. 
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Definition 12 Given a signature {A'',A',0} and c' G A' we define the transformation S^f as that which 
given an LTS T with that signature adds a new state u whose behaviour is that defined by CO, and a new 
transition labelled by c' from each state of T to u. 

Proposition 1 =3^^ preserves and refiects the cc-simulation preorder when applied to a system that does 
not contain any c' transition. 

Proof. We will see that /? is a cc-simulation in T if and only if RU {{u,u)} is a cc-simulation in ^J^{T). 
The result is immediate by simply observing that for a-transitions, with a ^ c', the leaving of any state 
p with p 7^ M are exactly the same in T and S^i{T), while for any such state we always have p — > u in 

Corollary 1 Let T be an LTS with signature {A'',A',A^'}. Then, for any two states p and q of T, we 

have p^ccq ifi ^{T) if and only ifp'^ccl in S^q{T). 

Proof. Note that .^{T) is a {A^A'.Qj-LTS, while %{T) is an {A^A',©}-^, where A' = {a''\ae 
A*" U A^'} and A' = A' U {a' | a G A'}. This means that we can also see ^(r) as an {A'',A',0}-LTS if 
we rename each a € A'" into the corresponding a'' G A*". Then, we can apply for each a G A'' in a 
row, thus getting a transformed system S/'^{T). All along these applications we are under the hypothesis 
of Proposition [T] Moreover, the only differences between =^+(r) and ■%{T) are the collection of a'- 
transitions paired with the a''-transitions in T , with a G A*". But since for any state p of 3/'^{T) we have 

p u, for all a' G {a' | a'' G A'"}, we immediately conclude that the identity is a cc-simulation in both 
directions (up-to the indicating renaming) between the states of =^+(r) and those in ^q{T), from which 
we finally obtain that p <cc q in ^{T) iff p <cc q in ■%{T). □ 

Corollary 2 Our transformation ^ preserves and refiects the cc-simulation preorder, that is, for each 
LTS T and for all states p and q in T, it holds that p <cc q in T if, and only, if p <cc q in S^{T). 

Proof. We just need to combine Proposition [T] and Corollary [T] □ 

Proposition 2 ^ preserves and refiects the cc-logic, that is, for each LTS T, any state p and all 
covariant-contravariant formula (p in T, it holds that p\= (p inT if, and only if, p\= =^(<p) in S^{T). 

Proof. We proved in [1] the corresponding result for and the transformation ,% which is defined on 
logic formulae exactly as but renaming again each a G A'' into a'' . From the definitions of ^ and .% 
we immediately conclude that a' -transitions with a G A'' do not play any role in the satisfaction of any 
formula S^{(p), and then the result follows from that proved in [IJ. □ 

After the representation of a bi variant action c G A^' as a pair (c'',c') with c*" G A*" and c' G A', we 
have that c' under-approximates c, whereas c^ over-approximates c. This means in particular that we 
have c'O <cc c'O + c'O and, more generally, c'p c'p + c' q <cc c'^q, for all processes p and 

q. Therefore, once we have separated the covariant and contravariant characters of bivariant actions 
we achieve a greater flexibility which allows us to consider "non-balanced" processes where these two 
characters do not go always together, thus producing over and under-approximations when needed. 

Discussion It is interesting to compare our new transformation £^ with the original transformation =;5o 
from [jj. The first aims to obtain a representation over the signature {A'',A',0} that is as simple as 
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possible, and this is why we do not introduce a when a G A''. Instead, we can see the result of the 
transformation =3^ as a process in the "uniform" signature A = {A'',A',0}, with A'' = {a'' | a € A*" UA' U 
A^'} and A' = {a' \ ae A' UA' UA^'}. It is true that the actions with be A' do not appear in 5o(r), but 
even so we can consider any %{T) as a process for A. Obviously, this is also the case for £^{T), where 
the actions a' with a G A*" do not appear either. Both .%{T) and .^{T) were "good" representations of 
T , as stated above, however it is clear that we do not have ^o{T) =„. ,9'{T). Instead, ,%{T) <„. £^{T), 
and in fact =3^ (r) is the least process with respect to <cc, for the uniform signature A that has the good 
properties stated in the paper. Note that, instead, ^^'"-transitions for ^7 G A' do not need to be introduced at 
all, since any addition of a covariant transitions produces a <cc-greater process. 

Therefore, the original transformation ,% would be indeed the adequate one if we wanted to obtain 
an embedding of the class of processes for any signature into that corresponding to the uniform signature 
A defined above, where all the actions can be interpreted as the covariant and contravariant parts of the 
actions in a set A. 

To conclude the section we explore the set of systems for any signature A = {A'^,A',0}. Some of 
them, but not all, are equivalent to the representation of a system for the original alphabet A. Whenever 
that is not the case we would need to remove (or add) some transitions labelled by the created actions 
in {c'',c' I c G A^'} in order to obtain a system that is equivalent to the representation of some process. 
In the following proposition we give an algorithm for obtaining a system for the original signature A to 
which a given system for the signature A is equivalent, whenever such a system exists. To make possible 
a proof by (structural) induction, we will only present the result for process terms in 

Proposition 3 Let A = {A'",A',A*'} be a signature and A = {A'',A',0} be the associated signature with- 
out bivariant actions. Let p,q e ^ be process terms for A such that q is the representation of some 
process for the signature A. Let us assume that p =cc <?■ Then it is possible to transform p into the 
representation phi of some process term for A, simply by adding or removing some transitions labelled 
by actions in {c'',c' | c G A*'}. 

Proof. The proof is done by structural induction. 

• If /7 = or = CO we can take phi = p- 

• In the general case, we exploit the fact that whenever a G A'', if q' <cc p' then ap' + aq' =cc ap' 
(and dually, when b G A^ bp' + b^ =cc bcf). This means that from any term for A we can remove 
all the summands ac(' (resp. ftp") such that ap" is not a maximal a-summand of p' with respect 
to <cc (resp. bp" is not a minimal a-summand), obtaining a =cc-equivalent process. So, we start 
by removing all the non-maximal a-summands with a G PJ , and all the non-minimal Z^-summands 
with b eA} oi any subterm of p. By abuse of notation, we will still denote the obtained process by 
p, and we still have p =cc q- 

Now, for any a-summand of p with a e A'', p = p' + ap", there is some q q" with p" <cc q". 
But also, since p =cc q, starting with q q" there must exist some p p"' with q" <cc p"' , but 
then p" "^ccP"' , and since p" was maximal we can assume that p"' = p" , and then we also have 
p" =cc q" . The same is true for all the Z^-summands with b G A', and this means that we can apply 
the induction hypothesis to all the derivatives of p. 

Moreover, for each ap' summand with a = c*" we can add to p the summand c^p' and we obtain 
p =cc p + c^p' . Indeed, we have trivially p + c^p' <cc P, and to prove that p <cc p + c'p' we check 

q ^ccP + c'p'. We only need to see that for any transition p + c'p' p' there is some q q' 



14 



Graphical representation of cc-modal formulae 



with q' p'- We use again the maximality of the summand c''p' and we obtain, as above, that 
there is some c''q' summand of q with q' ^crP'- But since q was the representation of some process 
for A, it has also a summand c'q' as required above. 

The obtained process has already its c'' and c' transitions, with c G A^', paired at its first level, and 
then we simply need to apply the induction hypothesis to conclude the proof. □ 

Remark 3 Although the proposition above assumes that the considered process was equivalent to the 
representation of some process for A, it is easy to use it as a decision algorithm to check that property: 
we apply the algorithm to the given process p and check if the obtained process p' is =cc-equivalent to 
it, if that is not the case then p is not equivalent to the representation of any process for the signature A. 

6 Conclusions and future work 

In |T| we studied the relationships between the notion of refinement over modal transition systems, and 
the notions of covariant-contravariant simulation and partial bisimulation over labelled transition sys- 
tems. Here we have continued that work by looking for the "graphical" representation of the covariant- 
contravariant modal formulae by means of terms, as it was done in [31 for the case of modal transition 
systems. For technical reasons, we had first to restrict ourselves to the case in which we have no bivari- 
ant actions. Afterwards, we argued that the general case can, in some sense, be "reduced" to the one we 
dealt with in Section|4]by defining a semantic -preserving transformation between covariant-contravariant 
systems with bivariant actions, and covariant-contravariant systems without them. 

The idea was to separate each bivariant action into its covariant and its contravariant parts. As a 
matter of fact, we believe that this idea might be useful not only for obtaining theoretical results, as we 
have done here, but also for applications. Most of the studies on process algebras and their semantics 
assume the bivariant behaviour of all the actions. It is true that in some studies (see for example ifTBl ) we 
have a classification of actions, as we have also done in |Tj and in this paper. But now we are proposing 
to exploit the relationships between the different classes of actions. 

As future work, it would be interesting to obtain a direct characterization of the formulae that are 
graphically representable in a setting with bivariant actions. Such a direct characterization will also pave 
the way towards a more general theory of "graphical characterizations" of formulae in modal logics of 
processes, of which the result by Boudol and Larsen and ours are special cases. 

Of course, one of the directions in which we plan to continue our studies is that related with the 
logical characterization of the semantics, and in particular the connections between logical formulae and 
terms established by characteristic formulae and graphical representations. The combination of these 
two frameworks is also an interesting challenge. In particular, we plan some extensions of the recent 
work by Liittgen and Vogler tlLil2J to the case of covariant-contravariant systems. 
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